You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Sergey Beryozkin (JIRA)" <ji...@apache.org> on 2015/11/04 15:15:27 UTC

[jira] [Created] (CXF-6663) Scope based authorization support for OAuth2 RS endpoints

Sergey Beryozkin created CXF-6663:
-------------------------------------

             Summary: Scope based authorization support for OAuth2 RS endpoints
                 Key: CXF-6663
                 URL: https://issues.apache.org/jira/browse/CXF-6663
             Project: CXF
          Issue Type: Improvement
          Components: JAX-RS Security
            Reporter: Sergey Beryozkin
            Assignee: Sergey Beryozkin


Annotations like @ConfidentialClient, @Scopes("a", "b") should  be used in the combinations or separately, ex, this method can only be invoked if the client behind this access token is confidential, and/or this client has 'a' and 'b' scopes approved. OAuth2 filter can already so some fine-grained authorization (restrict to specific HTTP verbs or URI subsets) and the RS code can use OauthContext to manually check the scopes, the client type, etc, but the annotation-based AC would be quite handy too



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)